automated social engineering at its best (maybe?)
bscott at ntisys.com
Tue Jul 27 19:49:01 EDT 2004
On Wed, 28 Jul 2004, at 2:07am, invalid at pizzashack.org wrote:
> So, anyone have any good procmail recipes for this bogosity?
Since you're dealing with a message that forged the sender as coming from
*your domain*, you might look into things such as SPF. If you can get away
with it, you could configure your public MX to refuse anything that claims
to be from your own domain.
If you can get away with it, a procmail rule that blackholes anything with
an executable Microsoft attachment is a wonderful thing.
> I'm still getting basically no spam, but what can you do when your friends
> don't know how to take care of their PCs?
Educate them. Or find better friends. ;-)
> If you're clueless or lazy about keeping your PC in good health, you might
> want to save your friends' inboxes and check out some of the links
> below...
Alas, people who have clue don't need to be told, and those who don't have
clue don't seem to listen. :-(
Most of the worms of late are of the "Trojan horse" variety: They depend
on social engineering attacks to trick people into running an attached
executable. "If someone else can convince you to run their software on your
computer, it isn't your computer anymore." Until people wake up and
*think*, this problem will continue.
> All the security fixes that Microsoft has finally gotten around to
> fixing in their spare time (it must be the right link, it comes up
> completely blank in Mozilla):
>
> http://windowsupdate.microsoft.com/
While always a good idea, this does not solve the major problem (see
above).
> Good free personal firewall software:
>
> http://www.zonelabs.com/
Might help. The problem is that the same lusers who ran the Trojan tend
to authorize it to "Use the Internet" when asked by ZoneAlarm. I wish I was
kidding.
> Good free (for personal use) Anti-virus software:
>
> http://www.free-av.com/
Good anti-virus software does do a good job of protecting lusers from
themselves. The problems with AV are (1) you have to use it, (2) it is
reactive (and thus lusers are vulnerable until the sigs update), (3) lusers
don't make sure their sigs get updated.
> [There was meant to be some humor in this message, albeit sarcastic. If
> you didn't see it, try harder next time... ;-)]
Ha ha. Only serious.
--
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind. |
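
Added example (not part of the original message and not the poster's code): a small Python filter implementing the two checks suggested in the reply above, flagging executable Microsoft attachments and mail whose From: claims your own domain. The extension list, the `example.org` domain and the sample message are assumptions constructed for illustration.

```python
import email
import sys
from email import policy
from email.utils import parseaddr

# Assumptions: extension list and domain are placeholders to adapt locally.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".cpl")
OWN_DOMAIN = "example.org"

# Constructed sample: forged own-domain sender, folded attachment name.
SAMPLE = b"""\
From: friend@example.org
Subject: your document
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See the attached file.
--b1
Content-Type: application/octet-stream;
 name="document.txt.pif"

AAAA
--b1--
"""

def executable_attachments(msg):
    """Filenames of MIME parts ending in a blocked extension."""
    # get_filename() unfolds headers and decodes RFC 2231 parameters.
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names if n and n.lower().rstrip(". ").endswith(BLOCKED_EXT)]

def claims_own_domain(msg, domain=OWN_DOMAIN):
    """True if From: claims an address in our own domain."""
    addr = parseaddr(str(msg.get("From", "")))[1]
    return addr.lower().endswith("@" + domain)

def verdict(raw):
    """Return the list of reasons to quarantine a raw message (empty if none)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = [f"executable attachment: {n}" for n in executable_attachments(msg)]
    if claims_own_domain(msg):
        reasons.append("From: claims own domain")
    return reasons

if __name__ == "__main__":
    reasons = verdict(sys.stdin.buffer.read())
    print("\n".join(reasons))
    sys.exit(0 if reasons else 1)  # exit 0 = flagged, so a procmail "* ?" test matches
```

The own-domain check only makes sense where no legitimate outside mail uses your domain in From:, which is the "if you can get away with it" condition in the reply.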